{ "Event": { "analysis": "1", "date": "2017-06-09", "extends_uuid": "", "info": "M2M - Jaff 2017-06-09 : missing subject - \"IMG_1234.ZIP\" / \"DOC_1234.docm\"", "publish_timestamp": "1497022891", "published": true, "threat_level_id": "3", "timestamp": "1497022884", "uuid": "593a6d56-c9d4-44a5-af47-4b68950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001303", "to_ids": true, "type": "md5", "uuid": "593a6d57-58fc-4226-b97d-4bcc950d210f", "value": "a810aa0c0f88929f805056a2b75956c4" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001303", "to_ids": true, "type": "md5", "uuid": "593a6d57-e1b8-45f5-9285-42bb950d210f", "value": "a6be6ea02acd9138578cae3ef408cbe7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001304", "to_ids": true, "type": "url", "uuid": "593a6d58-72ac-4fa3-ada6-4bb5950d210f", "value": "http://7prisms.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001305", "to_ids": true, "type": "hostname", "uuid": "593a6d59-df44-4ffb-8489-424e950d210f", "value": "7prisms.com" }, { "category": "Network activity", "comment": "7prisms.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001305", "to_ids": false, "type": "ip-dst", "uuid": "593a6d59-b5ec-4157-a7a1-4389950d210f", "value": "70.40.221.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001306", "to_ids": true, "type": "url", "uuid": "593a6d5a-f8c4-4d08-b9a6-4204950d210f", "value": "http://adjlegal.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001306", "to_ids": true, "type": "hostname", "uuid": "593a6d5a-819c-4a3a-a629-4f85950d210f", "value": "adjlegal.com" }, { "category": "Network activity", "comment": "adjlegal.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001307", "to_ids": false, "type": "ip-dst", "uuid": "593a6d5b-a6c8-48e0-ba22-4204950d210f", "value": "162.222.226.195" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001308", "to_ids": true, "type": "url", "uuid": "593a6d5c-961c-4212-a8a4-4426950d210f", "value": "http://akira-sushi34.ru/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001308", "to_ids": true, "type": "hostname", "uuid": "593a6d5c-795c-4892-b868-400e950d210f", "value": "akira-sushi34.ru" }, { "category": "Network activity", "comment": "akira-sushi34.ru", "deleted": false, "disable_correlation": false, "timestamp": "1497001309", "to_ids": false, "type": "ip-dst", "uuid": "593a6d5d-47cc-43ec-b8a3-7db6950d210f", "value": "141.8.194.135" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001310", "to_ids": true, "type": "url", "uuid": "593a6d5e-c724-4953-9510-45fb950d210f", "value": "http://assuresolutions.in/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001310", "to_ids": true, "type": "hostname", "uuid": "593a6d5e-0adc-486a-84ab-4b68950d210f", "value": "assuresolutions.in" }, { "category": "Network activity", "comment": "assuresolutions.in", "deleted": false, "disable_correlation": false, "timestamp": "1497001311", "to_ids": false, "type": "ip-dst", "uuid": "593a6d5f-0cb8-4633-ae88-4ec7950d210f", "value": "209.99.16.227" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001311", "to_ids": true, "type": "url", "uuid": "593a6d5f-f310-415c-b8ed-44b6950d210f", "value": "http://charlenelouw.co.za/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001312", "to_ids": true, "type": "hostname", "uuid": "593a6d60-fbec-4a5f-8a69-4b68950d210f", "value": "charlenelouw.co.za" }, { "category": "Network activity", "comment": "charlenelouw.co.za", "deleted": false, "disable_correlation": false, "timestamp": "1497001312", "to_ids": false, "type": "ip-dst", "uuid": "593a6d60-e38c-4cf5-bf57-4bfe950d210f", "value": "196.46.186.187" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001313", "to_ids": true, "type": "url", "uuid": "593a6d61-5074-4db3-ad28-44f8950d210f", "value": "http://coregroupindia.co.in/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001313", "to_ids": true, "type": "hostname", "uuid": "593a6d61-5f1c-4115-b961-46c6950d210f", "value": "coregroupindia.co.in" }, { "category": "Network activity", "comment": "coregroupindia.co.in", "deleted": false, "disable_correlation": false, "timestamp": "1497001314", "to_ids": false, "type": "ip-dst", "uuid": "593a6d62-40c4-4568-b027-4174950d210f", "value": "199.79.62.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001315", "to_ids": true, "type": "url", "uuid": "593a6d63-0714-4916-8cb8-4ece950d210f", "value": "http://e67tfgc4uybfbnfmd.org/af/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001315", "to_ids": true, "type": "hostname", "uuid": "593a6d63-1f10-42ea-afce-49cf950d210f", "value": "e67tfgc4uybfbnfmd.org" }, { "category": "Network activity", "comment": "e67tfgc4uybfbnfmd.org", "deleted": false, "disable_correlation": false, "timestamp": "1497001316", "to_ids": false, "type": "ip-dst", "uuid": "593a6d64-b1dc-4e1c-92ed-4625950d210f", "value": "119.28.85.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001317", "to_ids": true, "type": "url", "uuid": "593a6d65-0ad0-4d5c-b410-4f1e950d210f", "value": "http://gidrowash.ru/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001318", "to_ids": true, "type": "hostname", "uuid": "593a6d66-7014-4fda-8360-4f0e950d210f", "value": "gidrowash.ru" }, { "category": "Network activity", "comment": "gidrowash.ru", "deleted": false, "disable_correlation": false, "timestamp": "1497001318", "to_ids": false, "type": "ip-dst", "uuid": "593a6d66-4a40-4d97-b24b-4611950d210f", "value": "151.248.113.29" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001319", "to_ids": true, "type": "url", "uuid": "593a6d67-1280-48f3-af5a-4ed9950d210f", "value": "http://matbaa.be/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001320", "to_ids": true, "type": "hostname", "uuid": "593a6d68-bcdc-44fe-841c-4891950d210f", "value": "matbaa.be" }, { "category": "Network activity", "comment": "matbaa.be", "deleted": false, "disable_correlation": false, "timestamp": "1497001320", "to_ids": false, "type": "ip-dst", "uuid": "593a6d68-1c40-42d1-b850-7db6950d210f", "value": "185.158.165.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001321", "to_ids": true, "type": "url", "uuid": "593a6d69-aaa4-4362-a248-3089950d210f", "value": "http://mercobel.be/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001321", "to_ids": true, "type": "hostname", "uuid": "593a6d69-2250-42e1-aed6-4b68950d210f", "value": "mercobel.be" }, { "category": "Network activity", "comment": "mercobel.be", "deleted": false, "disable_correlation": false, "timestamp": "1497001322", "to_ids": false, "type": "ip-dst", "uuid": "593a6d6a-974c-41f7-a4ab-4e0e950d210f", "value": "37.97.228.171" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001323", "to_ids": true, "type": "url", "uuid": "593a6d6b-1108-4e8b-8341-463c950d210f", "value": "http://missangel.org/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001323", "to_ids": true, "type": "hostname", "uuid": "593a6d6b-0338-44c4-8012-4d9e950d210f", "value": "missangel.org" }, { "category": "Network activity", "comment": "missangel.org", "deleted": false, "disable_correlation": false, "timestamp": "1497001324", "to_ids": false, "type": "ip-dst", "uuid": "593a6d6c-38cc-45f4-bbff-41c7950d210f", "value": "111.118.215.77" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001325", "to_ids": true, "type": "url", "uuid": "593a6d6d-a2b0-4d35-94e6-4eda950d210f", "value": "http://msbn.net/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001325", "to_ids": true, "type": "hostname", "uuid": "593a6d6d-f494-4c87-b2fb-4faf950d210f", "value": "msbn.net" }, { "category": "Network activity", "comment": "msbn.net", "deleted": false, "disable_correlation": false, "timestamp": "1497001326", "to_ids": false, "type": "ip-dst", "uuid": "593a6d6e-30b0-4a36-a0f7-4eb7950d210f", "value": "69.64.147.34" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001327", "to_ids": true, "type": "url", "uuid": "593a6d6f-8d28-43fb-9cbe-42bb950d210f", "value": "http://mscomunicacion.com.mx/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001327", "to_ids": true, "type": "hostname", "uuid": "593a6d6f-7a04-4c12-aff4-4800950d210f", "value": "mscomunicacion.com.mx" }, { "category": "Network activity", "comment": "mscomunicacion.com.mx", "deleted": false, "disable_correlation": false, "timestamp": "1497001328", "to_ids": false, "type": "ip-dst", "uuid": "593a6d70-fc30-4695-94ac-4bfe950d210f", "value": "173.254.28.87" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001329", "to_ids": true, "type": "url", "uuid": "593a6d71-43b0-4df2-97e9-4987950d210f", "value": "http://seminator.de/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001329", "to_ids": true, "type": "hostname", "uuid": "593a6d71-c848-4aff-952a-43cb950d210f", "value": "seminator.de" }, { "category": "Network activity", "comment": "seminator.de", "deleted": false, "disable_correlation": false, "timestamp": "1497001330", "to_ids": false, "type": "ip-dst", "uuid": "593a6d72-f048-44bb-8ead-4204950d210f", "value": "81.169.145.94" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001330", "to_ids": true, "type": "url", "uuid": "593a6d72-fcf4-4be5-a24f-4b68950d210f", "value": "http://sevsem.biz/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001331", "to_ids": true, "type": "hostname", "uuid": "593a6d73-b018-41dc-9df7-4009950d210f", "value": "sevsem.biz" }, { "category": "Network activity", "comment": "sevsem.biz", "deleted": false, "disable_correlation": false, "timestamp": "1497001332", "to_ids": false, "type": "ip-dst", "uuid": "593a6d74-500c-48ff-8a55-4b68950d210f", "value": "46.29.160.48" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001332", "to_ids": true, "type": "url", "uuid": "593a6d74-aad4-47ad-a791-4304950d210f", "value": "http://speaklifegreetings.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001333", "to_ids": true, "type": "hostname", "uuid": "593a6d75-5e60-41af-b1cc-4bfe950d210f", "value": "speaklifegreetings.com" }, { "category": "Network activity", "comment": "speaklifegreetings.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001336", "to_ids": false, "type": "ip-dst", "uuid": "593a6d78-a008-4bb5-8e8e-4bfe950d210f", "value": "174.127.105.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001337", "to_ids": true, "type": "url", "uuid": "593a6d79-f5d4-4538-8b78-429f950d210f", "value": "http://sportsandsocialchange.org/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001338", "to_ids": true, "type": "hostname", "uuid": "593a6d7a-8c20-4465-8abf-4204950d210f", "value": "sportsandsocialchange.org" }, { "category": "Network activity", "comment": "sportsandsocialchange.org", "deleted": false, "disable_correlation": false, "timestamp": "1497001339", "to_ids": false, "type": "ip-dst", "uuid": "593a6d7b-7cac-460d-b525-465c950d210f", "value": "192.185.5.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001339", "to_ids": true, "type": "url", "uuid": "593a6d7b-0688-4c58-bc14-4843950d210f", "value": "http://stock-fallimenti.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001340", "to_ids": true, "type": "hostname", "uuid": "593a6d7c-62a8-4a9b-b12c-4b68950d210f", "value": "stock-fallimenti.com" }, { "category": "Network activity", "comment": "stock-fallimenti.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001341", "to_ids": false, "type": "ip-dst", "uuid": "593a6d7d-8934-4e26-af72-46d0950d210f", "value": "213.32.71.234" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001341", "to_ids": true, "type": "url", "uuid": "593a6d7d-b0ec-449d-8ebf-47f6950d210f", "value": "http://xp.com.sg/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001342", "to_ids": true, "type": "hostname", "uuid": "593a6d7e-c974-409d-b9c7-3089950d210f", "value": "xp.com.sg" }, { "category": "Network activity", "comment": "xp.com.sg", "deleted": false, "disable_correlation": false, "timestamp": "1497001343", "to_ids": false, "type": "ip-dst", "uuid": "593a6d7f-4bd8-42f9-b909-4204950d210f", "value": "198.252.98.191" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001343", "to_ids": true, "type": "url", "uuid": "593a6d7f-4358-42d3-8aaf-420f950d210f", "value": "http://yesman.me/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001344", "to_ids": true, "type": "hostname", "uuid": "593a6d80-c7b8-4aaf-b9f4-49b6950d210f", "value": "yesman.me" }, { "category": "Network activity", "comment": "yesman.me", "deleted": false, "disable_correlation": false, "timestamp": "1497001345", "to_ids": false, "type": "ip-dst", "uuid": "593a6d81-bbb4-4c6c-be7b-446a950d210f", "value": "103.254.148.134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001345", "to_ids": true, "type": "url", "uuid": "593a6d81-0eb8-469c-93d6-4e9f950d210f", "value": "http://zeshta.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001346", "to_ids": true, "type": "hostname", "uuid": "593a6d82-2ad0-4d99-b9c7-4bfe950d210f", "value": "zeshta.com" }, { "category": "Network activity", "comment": "zeshta.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001347", "to_ids": false, "type": "ip-dst", "uuid": "593a6d83-e750-4e7a-a81d-4452950d210f", "value": "103.21.59.169" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001348", "to_ids": true, "type": "url", "uuid": "593a6d84-fb54-450b-b3c2-420d950d210f", "value": "http://zonnit.com/0hbtyHG" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001348", "to_ids": true, "type": "hostname", "uuid": "593a6d84-fff4-4e07-9a3d-43ed950d210f", "value": "zonnit.com" }, { "category": "Network activity", "comment": "zonnit.com", "deleted": false, "disable_correlation": false, "timestamp": "1497001349", "to_ids": false, "type": "ip-dst", "uuid": "593a6d85-ebc4-4163-8e20-421e950d210f", "value": "23.229.221.200" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001349", "to_ids": true, "type": "url", "uuid": "593a6d85-5b50-4710-bdd9-45d4950d210f", "value": "http://brookstecholiggronm.net/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1497001350", "to_ids": true, "type": "hostname", "uuid": "593a6d86-f1d8-48e2-9bbb-3089950d210f", "value": "brookstecholiggronm.net" } ] } }